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DECISION ON APPEAL 



1 The two-month time period for filing an appeal or commencing a civil 
action, as recited in 37 CFR § 1.304, begins to run from the decided date 
shown on this page of the decision. The time period does not run from the 
Mail Date (paper delivery) or Notification Data (electronic delivery). 
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This is a decision on appeal under 35 U.S.C. § 134(a) from the 
Examiner's rejection of claims 1-6, 8-13, 15-21, 23-31, 33-36, 38-45, 47, 
49-53, 55-59, 61-67, 69, 70 and 72. The Examiner indicated in the Final 
Rejection (mailed April 10, 2007) that claims 14, 22, 37, 46, 54, 60, 68 and 
71 would be allowable if rewritten in independent form (Final Rejection 3). 
Claims 7, 32, and 48 are cancelled. We have jurisdiction under 35 U.S.C. 
§ 6(b). 

We affirm in part. 

THE INVENTION 

The disclosed invention relates generally to distributed computing 
environments including Web-centric and Internet-centric distributed 
computing environments. More particularly, the present invention relates to 
a heterogeneous distributed computing environment based upon a message 
passing model using message gates to perform message authentication in 
communications between network clients and services. (Spec. 1, 11. 27-31). 

Independent claim 1 is illustrative: 

1 . A method for communicating in a distributed computing 

environment, comprising: 

a client accessing an authentication service to obtain an 
authentication credential to use a first service; 

determining client capabilities for said client, wherein 
said client capabilities are capabilities of said first service that 
said client is permitted to use; 

binding said client capabilities to said authentication 
credential; 
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said client sending a first message to said first service, 
wherein said first message includes said authentication 
credential 

said first service using said authentication service to 
authenticate said authentication credential received in said first 
message; and 

said first service responding to said first message if said 
authentication credential in said first message is determined to 
be authentic as from said client. 

THE REFERENCES 

The Examiner relies upon the following references as evidence in 
support of the anticipation and obviousness rejections: 

Adams US 6,7 1 8,470 B 1 Apr. 6, 2004 

(filed Jun. 5, 1998) 
Czerwinski "An Architecture for a Secure Service Discovery 
Service." Aug. 15, 1999, PP. 24-25. 

THE REJECTIONS 

1. The Examiner rejected claims 1, 2, 8-13, 15-17, 20, 21, 23-28, 
33-36, 38-43, 47, 49-51, 56-59, 61-63, 66, 67, 69, 70 and 72 
under 35 U.S.C. § 102(e) as being anticipated by Adams. 

2. The Examiner rejected claims 3-6, 18, 19, 29-31, 44-45, 52, 53, 
55, 64, and 65 under 35 U.S.C. § 103(a), as being unpatentable 
over Adams in view of Czerwinski. 2 



2 The Examiner withdrew the rejection of claims 1-6, 8-31, 33-47 and 49-72 
under the judicially created doctrine of obviousness-type double-patenting. 
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Only those arguments actually made by Appellants have been 
considered in this decision. Arguments which Appellants could have made 
but chose not to make in the Briefs have not been considered and are 
deemed to be waived. See 37 C.F.R. § 41.37(c)(l)(vii). 

Reversal of claims 2-6, 9, 10, 12, 13, 17-21, 23-26, 28-31, 34-36, 40, 
47, 52, 53, 55, 58, 59, 61, 63-65, 67, and 69, 70, and 72 

At the outset, we reverse the Examiner's rejection of independent 
claims 17, 58, and 69 for the reasons discussed infra. Because claims 20, 21, 
and 23-26 depend upon claim 17, claims 59 and 61 depend from claim 58 
and claims 70 and 72 depend from claim 69, we also reverse the Examiner's 
rejections of claims 20, 21, 23-26, 59, 61, 70 and 72. 

Regarding independent claim 17, we find Appellants' argument 
persuasive that Adams does not disclose the limitations of "said service 
advertisement includes an address for an authentication service." (App. Br. 
36). In particular, we find that Adams fails to disclose a website including 
an address for the privilege data selector as asserted by the Examiner, and 
Adams is silent with regards to a service advertisement for a relying party 
unit that includes an address. We also reverse the Examiner's rejection of 
dependent claims 2, 28 and 63-65 which similarly recite a "service address 
that includes an address for an authentication service" for the same reasons 
discussed supra regarding claim 17. 



The Examiner consolidated the original four rejections into the two 
rejections listed above. 
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We also reverse the rejection of claims 52, 53 and 55 for the same 
reasons discussed above regarding claim 17. In addition, the Examiner has 
not shown, nor have we found, that Czerwinski cures the deficiencies of 
Adams discussed supra. 

We also reverse dependent clams 3-6, 18, 19, and 29-31 which depend 
from claims 2, 17, and 28 discussed supra. In particular, the Examiner has 
not shown, nor have we found, that Czerwinski cures the deficiencies of 
Adams discussed supra. 

Regarding independent claims 58 and 69, we find Appellants' 
arguments persuasive that Adams does not disclose the limitation of 
generating a message gate for accessing the first service. (App. Br. 67). In 
particular, we find that the "suitable link" taught in Adams, is in fact, not 
analogous to the claimed "message gate" recited in claim 58 as asserted by 
the Examiner. We broadly but reasonably construe the claimed message 
gate as a message endpoint for a client or service in a distributed computing 
environment. As such, it is our view that the "suitable link" cited by the 
Examiner does not include an embedded credential, as claimed. Further, it is 
our view that the "suitable link" cited by the Examiner is too nebulous to 
support a rejection under §102. We also reverse the Examiner's rejection of 
dependent claims 12-13, 36, and 67 which similarly recite a "message gate 
for accessing the first service" for the same reasons discussed supra 
regarding claims 58 and 69. 

We also reverse the Examiner's rejection of dependent claims 9, 10, 
34, and 35 because we find Appellants' arguments persuasive that Adams 
does not disclose the limitation of a "capability token," as recited in claims 9 
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and 34. (See App. Br. 31). In particular, we do not agree with the 
Examiner's assertion that the "pre-qualification privilege data" described in 
Adams discloses the claimed "capability token" recited in claims 9 and 34. 
The privilege data as described in Adams is data representing a user position 
in a company, transaction signing limits, or other suitable data. (Adams col. 
3, 11. 38-41). In contrast, we broadly but reasonably construe a capability 
token as a tangible credential (token) that is used to define the capabilities of 
the service the client is permitted to use. (See e.g., App. Br. 31, Spec. 97, 11. 
9-15). 

We also reverse the Examiner's rejection of dependent claim 40. 
More particularly we find the Appellants' arguments persuasive that Adams 
does not disclose that the client device is configured to couple to a network 
via a wireless connection, as recited in claim 40. (App. Br. 60). We 
particularly note that Adams is silent with regards to the claimed "wireless 
connection." Further, we find that the "suitable link" disclosed in Adams is 
too nebulous to anticipate the claimed wireless connection under § 102. 

Lastly, we pro forma reverse the Examiner's rejection of dependent 
claim 47 as being anticipated by Adams. Claim 47 (rejected under §102) 
depends upon claim 44 that the Examiner rejected under 35 U.S.C. § 103. 
Therefore, we find this "inverted" rejection to be improper on its face. 

GROUPING OF CLAIMS 
The remaining claims are grouped as follows: 
(1) Appellants argue claims 1, 8, 15, and 16 as a group and present 
similar arguments for claims 27, 33, 38, 39, 41, 42, 43, 49, 50, 51, 56, 57, 
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62, and 66. (App. Br. 24-25, 55-56, 61-63, 69-70). We will, therefore, treat 
claims 8, 15, 16, 27, 33, 38, 39, 41, 42, 43, 49, 50, 51, 56, 57, 62, and 66 as 
standing or falling with claim 1 . 

(2) Appellants separately argue claim 11 (id. at 32). 

(3) Appellants separately argue claim 44 (id. at 82). 

(4) Appellants separately argue claim 45 (id. at 82). 

We accept Appellants' grouping of the claims. See 37 C.F.R. 
§41.37(c)(l)(vii). 

FINDINGS OF FACT 
In our analysis infra, we rely on the following findings of fact (FF) 
that are supported by a preponderance of the evidence: 
Adams 

1. Adams discloses that a centralized privilege data selector 500 
determines whether there are any matching attribute certificates or privilege 
data within attribute certificates that satisfy the privilege test criteria data 
communicated by the relaying party unit. (Col. 6, 11. 57-61). 

2. Adams discloses that the centralized privilege data selector 
generates pre-qualification privilege data based on the subscriber 
identification data. (Col. 6, 11. 52-57). 

3. Adams discloses that the attribute certificate selector 202 retrieves 
subscriber certificates or other certificates containing data representing a 
subscriber's unit's privilege status. Matching (associated) privilege data is 
sent as pre-qualification privilege data. (Col. 5, 11. 19-29). 
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4. Adams discloses that a pre-qualification privilege data verifier 106 
retrieves the attribute certificate from the privilege test criteria data provider 
and compares this information to the received pre-qualification privilege 
data for consistency. (Col. 5, 11. 47-54). 

5. Adams discloses that any matching attribute certificates are sent as 
pre-qualification privilege data. The relaying party unit performs pre- 
qualification privilege verification. (Col. 6, 11. 61-67). 

6. Adams discloses a pre-qualification privilege data verifier that 
compares the privilege test criteria data with the pre-qualification privilege 
data prior to granting privilege to the subscriber unit. (Col. 7, 11. 5-9). 

Czerwinski 

7. Czerwinski teaches that services encode their service metadata as 
XML documents, and that the clients specify their queries using the XML 
template. (25 § 2.3). 

PRINCIPLES OF LAW 

"[T]he examiner bears the initial burden on review of the prior art or 
on any other ground, of presenting a prima facie case of unpatentability. If 
that burden is met, the burden of coming forward with evidence or argument 
shifts to the applicant." In re Oetiker, 977 F.2d 1443, 1445 (Fed. Cir. 1992). 

Therefore, we look to Appellants' Briefs to show error in the 
proffered prima facie case. 
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Claim Construction 
"[T]he PTO gives claims their 'broadest reasonable interpretation.'" 
In re Bigio, 381 F.3d 1320, 1324 (Fed. Cir. 2004) (quoting In re Hyatt, 211 
F.3d 1367, 1372 (Fed. Cir. 2000)). 

Anticipation 

"Anticipation requires the presence in a single prior art reference 
disclosure of each and every element of the claimed invention, arranged as 
in the claim." Lindemann Maschinenfabrik GmbH v. American Hoist & 
Derrick Co., 730 F.2d 1452, 1458 (Fed. Cir. 1984). 

For a prior art reference to anticipate in terms of 35 U.S.C. § 102, 
every element of the claimed invention must be identically shown in a single 
reference. However, this is not an "ipsissimis verbis" test. In re Bond, 910 
F.2d 831, 832 (Fed. Cir. 1990). 

Obviousness 

In rejecting claims under 35 U.S.C. § 103, "[w]hat matters is the 
objective reach of the claim. If the claim extends to what is obvious, it is 
invalid under § 103." KSR Int'l Co. v. Teleflex, Inc., 127 S. Ct. 1727, 1742 
(2007). To be nonobvious, an improvement must be "more than the 
predictable use of prior art elements according to their established 
functions." Id. at 1740. 

What a reference teaches is a question of fact. In re Baird, 16 F.3d 
380, 382 (Fed. Cir. 1994); In re Beattie, 974 F.2d 1309, 1311 (Fed. Cir. 
1992). The presence or absence of a motivation to combine references in an 
obviousness determination is a pure question of fact. In re Gartside, 203 
F.3d 1305, 1316 (Fed. Cir. 2000). 
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Appellants' Contentions 

In the Briefs, Appellants' arguments contest the Examiner's findings 
regarding specific claim limitations that we have incorporated in our 
statements of issues, infra. 

Section 102 rejection of claims 1, 8, 15, 16, 27, 33, 38, 39, 41, 42, 43, 
49, 50, 51, 56, 57, 62, and 66 

Appellants contend that the cited references fail to teach or suggest 
the limitations of determining client capabilities for a client; binding the 
client capabilities to the authentication credential; and using the 
authentication service to authenticate the authentication credential. (App. 
Br. 24, 26, and 27) 

ISSUES 

We consider the following issues that flow from the contentions of the 
Appellants and the Examiner: 

(1) Have Appellants shown the Examiner erred in determining that 
Adams discloses determining client capabilities for a client, as recited in 
claim 1? 

(2) Have Appellants shown the Examiner erred in determining that 
Adams discloses binding said client capabilities to said authentication 
credential, as recited in claim 1 ? 

(3) Have Appellants shown the Examiner erred in determining that 
Adams discloses the limitation of the first service using said authentication 
service to authenticate said authentication credential received in said first 
message, as recited in claim 1? 
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ANALYSIS 
Claim Construction 

At the outset, we note that claim 1 recites "client capabilities." We 
note that Appellants' Specification defines client capabilities as what a client 
is allowed to do. (Spec. 92-93). Thus, we broadly but reasonably interpret 
the limitation of "determining client capabilities" as determining what a 
client is allowed to do in the first service. We further note that the language 
of claim 1 recites "binding said client capabilities to said authentication 
credential." Since Appellants did not impart any special meaning to the 
term "binding," we broadly but reasonably interpret the term "binding" to be 
analogous to "attaching" or "associating." 

As previously stated, Appellants contend that Adams fails to disclose 
the limitation of "determining client capabilities for a client." As noted 
above, we find that Adams discloses a centralized privilege data selector that 
determines whether there are any . . . privilege data, (FF 1). It is our view 
that "privilege data" is in fact an indication of what a client is allowed to 
do within the system described in Adams. Thus, we find that Adams 
discloses determining client capabilities (privilege data determined by the 
centralized privilege data selector), as recited in claim 1. 

Appellants further contend that Adams fails to disclose "binding the 
client capabilities to the authentication credential." (App. Br. 26). As noted 
above, we find that Adams discloses that the attribute certificate selector 202 
retrieves subscriber certificates or other certificates containing data 
representing a subscriber's unit's privilege status (client capabilities). 
Matching (associated) privilege data is sent as pre-qualification privilege 
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data. (FF 3). Thus, we find that Adams discloses binding said client 
capabilities (matching privilege data with subscriber certificates) to said 
authentication credential (pre-qualification privilege data). 

Appellants also contend that Adams fails to disclose the limitation of 
"the first service using said authentication service to authenticate said 
authentication credential received in said first message," as recited in claim 
1. (App. Br. 27) We disagree. 

As discussed above, Adams discloses that the pre-qualification 
privilege data verifier retrieves the attribute certificate from the privilege test 
criteria data provider and compares this information to the received pre- 
qualification privilege data for consistency. (FF 4). Thus, based on the 
above, it is our view that Adams teaches that the subscriber unit 200, uses 
the attribute certificate selector 202 to perform the verification. 

Based on the record before us we are not persuaded of error in the 
Examiner's finding of anticipation with respect to representative claim 1. 

Therefore, we sustain the Examiner's rejection of representative claim 
1, and claims 8, 15, 16, 27, 33, 38, 39, 41-43, 49, 50, 51, 56, 57, 62, and 66 
that fall therewith, as being anticipated by Adams. 

Section 102 rejection of claim 11 
We next consider the Examiner's rejection of claim 11 as being 
anticipated by Adams. Appellants contend that Adams fails to disclose the 
limitation of "where determining client capabilities is performed by the first 
service." (App. Br. 32). 
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Issue : Have Appellants shown the Examiner erred in determining that 
Adams discloses that the first service determines client capabilities? 

As discussed above regarding claim 1, we find Adams teaches that the 
attribute certificate selector 202, which is a part of the subscriber unit 200 
(first service), is utilized to determine client capabilities (retrieve privilege 
status). (SeeFF3). 

Based on the record before us, we do not find Appellants have shown 
error in the Examiner's prima facie case of anticipation. Accordingly, we 
sustain the Examiner's rejection of claim 1 1 as being anticipated by Adams. 

Section 103 rejection of claim 44 
We next consider the Examiner's rejection of claim 44 as being 
unpatentable over Adams in view of Czerwinski. Appellants contend that 
Adams fails to disclose the limitation of "wherein the advertisement for the 
first service includes a data representation language schema defining a 
message interface for accessing the first service," as recited in claim 44. 3 
(App. Br. 82). 

Issue : (1) Have Appellants shown the Examiner erred in determining 
that the cited references teach or suggest the limitation of a data 
representation language schema defining a message interface for accessing 
the first service? 

3 Appellants state that the arguments regarding the patentability of claim 44 
are the same as those presented for claim 3, which begin on page 45 of the 
Brief. (App. Br. 82) 
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Issue : (2) Have Appellants shown that the Examiner erred in 
combining Adams and Czerwinski? 

The Examiner contends that the cited references, most notably 
Czerwinski, teach that the XML format service description and client queries 
are used for communication between the client and the service. (Ans. 10) 
Further, Appellants admit that Czerwinski discloses use of XML, which may 
be used for client queries. (App. Br. 45). We find that Czerwinski teaches 
that the clients specify their queries using the XML template, and that 
services encode their service metadata as XML documents. (FF 7). 

Thus, it is our view that Czerwinski teaches that XML is used to 
define a message interface (valid service descriptions) to add (define) 
service- specific information (information for accessing the service). 
(Czerwinski § 2.3, 11. 10-14) 

Based on the record before us, we conclude that Appellants have not 
shown the Examiner erred in determining that the cited references teach 
and/or suggest the limitation of a data representation language schema 
defining a message interface for accessing the first service. 

As noted above (Issue 2), Appellants further contend that the 
Examiner erred in combining Adams with Czerwinski. 

It is our view that Appellants have not addressed the Examiner's 
finding that the artisan would have combined the teachings of Adams with 
Czerwinski because XML was well known in the art to provide greater 
flexibility as communication interfaces. Appellants merely argue that 
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neither reference teaches or suggests the above-noted limitations without 
providing any meaningful analysis that explains why the Examiner erred. 

Therefore, we are not persuaded of error in the Examiner's rejection 
and sustain the § 103(a) rejection of claim 44 over Adams and Czerwinski. 

Section 103 rejection of claim 45 
We next consider the Examiner's rejection of claim 45 as being 
unpatentable over Adams and Czerwinski. Appellants contend that the cited 
references fail to teach or suggest that the first message corresponds to a 
message defined in the data representation language schema, as recited in 
claim 45. (App. Br. 82) 4 

Appellants' arguments regarding the limitations of claim 45 are the 
same as those submitted for claim 44. (See App. Br. 51) Accordingly, the 
patentability of claim 45 is urged based on Appellants' arguments submitted 
for claim 44, which we do not find to be persuasive. 

Therefore, we are not persuaded of error in the Examiner's rejection 
of claim 45. Accordingly, we sustain the Examiner's § 103(a) rejection of 
claim 45 over Adams and Czerwinski. 

CONCLUSIONS 
Based on the findings of facts and analysis above, we conclude the 
following: 

4 Appellants state that the arguments regarding the patentability of claim 3 
are the same as those presented for claim 5, which begin on page 49 of the 
Brief. (App. Br. 82) We will only address the limitations that are contained 
in both of claims 5 and 45. 
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Appellants have shown the Examiner erred in determining that the 
cited references disclose or suggest the limitation of said service address 
advertisement includes an address for an authentication service. 

Appellants have shown the Examiner erred in determining that the 
cited references disclose or suggest the limitation of a message gate for 
accessing the first service. 

Appellants have shown the Examiner erred in determining that the 
cited references disclose the limitation of a capability token. 

Appellants have shown the Examiner erred in determining that the 
cited references disclose that the client device is configured to couple to a 
network via a wireless connection. 

Appellants have not shown the Examiner erred in determining that 
Adams discloses determining client capabilities for a client. 

Appellants have not shown the Examiner erred in determining that 
Adams discloses binding said client capabilities to said authentication 
credential. 

Appellants have not shown the Examiner erred in determining that 
Adams discloses the limitation of the first service using said authentication 
service to authenticate said authentication credential received in said first 
message. 

Appellants have not shown the Examiner erred in determining that 
Adams discloses that the first service determines client capabilities. 

Appellants have not shown the Examiner erred in determining that the 
cited references teach or suggest the limitation of a data representation 
language schema defining a message interface for accessing the first service. 
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Appellants have not shown that the Examiner erred in combining 
Adams and Czerwinski. 

DECISION 

The decision of the Examiner rejecting claims 2, 9, 10, 12, 13, 17, 20, 
21, 23-26, 28, 34-36, 40, 47, 58, 59, 61, 63, 67, 69, 70, and 72 under 35 
U.S.C. § 102(e) is reversed. 

The decision of the Examiner rejecting claims 1, 8, 11, 15, 16, 27, 33, 
38, 39, 41-43, 49-51, 56, 57, 62, and 66 under 35 U.S.C. § 102(e) is 
affirmed. 

The decision of the Examiner rejecting claims 3-6, 18, 19, 29-31, 52, 
53, 55, 64, and 65 under 35 U.S.C. § 103(a) is reversed. 

The decision of the Examiner rejecting claims 44 and 45 under 
35 U.S.C. § 103(a) is affirmed. 

No time period for taking any subsequent action in connection with 
this appeal may be extended under 37 C.F.R. §1.1 36(a). See 37 C.F.R. 
§ 1.136(a)(l)(iv). 

AFFIRMED-IN-PART 
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